Exempt a URI in extrahop alert

triggers
metrics

#1

Hello,

We have this alert with the description below and just recently this alerts gets triggered frequently and we identified that its coming from a URI that we can ignore. Is there a way that I can exempt a particular uri for this alert?

Description:
Alert triggered when errors value over 5 minutes > 15.

Thanks,


#2

You can achieve this by creating a custom metric using the triggers API.

Create a trigger on the HTTP_RESPONSE event with code like the following:

// Don't count the URL
if (HTTP.uri === "the url to exclude") return;
// Don't count errors
if (HTTP.statusCode < 500) return;

Flow.server.device.metricAddCount("http_server_important_rsp_error", 1);

You’ll want to assign this trigger to the same groups of devices as the alert is monitoring.

You’d then make the alert on that custom metric, rather than on the built-in metric.


#3

Thanks for the response Tedd. Quick question, does the custom metric gets automatically created when I added this line on when creating the Trigger?

Flow.server.device.metricAddCount("http_server_important_rsp_error", 1);

I was able to create the trigger and assign it to the device group but still getting the alert. I also tried changing the metric on the screenshot above to the http_server_important_rsp_error but cant seem to locate it.

thanks for your help


#4

In the alerts UI, you’ll need to select the custom_count metric as the one you want to alert on.

In the Key Pattern field, you’ll then type http_server_important_rsp_error; that will tell the system to alert off your custom metric rather than off the built-in metric.